Antw: Re: Issues with Ppolicy Overlay and chaining (master/slave)
- To: "Raul Hernandez" <hernandezr@gmail.com>, <openldap-technical@openldap.org>
- Subject: Antw: Re: Issues with Ppolicy Overlay and chaining (master/slave)
- From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Date: Thu, 18 Sep 2014 08:42:47 +0200
- Content-disposition: inline
- In-reply-to: <CAL3GdwNJfDBDvwHmxFntggndsRC=wZ+SHM0LVeBbYQEm3ZGaEw@mail.gmail.com>
- References: <CAL3GdwNiuufEsL=dvDWYHtB4sNWOrV5Tpwn+gdGwkLLHzBJadQ@mail.gmail.com> <F2FE0D5F022240BE75E33330@192.168.1.61> <CAL3GdwN_iZzLEGY_miUz58QXDfkC22u+5CKcUbk5CSVFrW=hUQ@mail.gmail.com> <0E4107FA3A51F68D8FC37981@192.168.1.61> <CAL3GdwNJfDBDvwHmxFntggndsRC=wZ+SHM0LVeBbYQEm3ZGaEw@mail.gmail.com>
>>> Raul Hernandez <hernandezr@gmail.com> wrote on 16.09.2014 at 23:36 in
message
<CAL3GdwNJfDBDvwHmxFntggndsRC=wZ+SHM0LVeBbYQEm3ZGaEw@mail.gmail.com>:
[...]
> the my HDB access configuration, and realize that my chaining
> (cn=syncrepluser,ou=security,dc=example,dc=com) user had "write"
> permissions on userPassword, pwdFailuretime, pwdChangedTime, pwdHistory,
> pwdAccountLockedTime attributes and that wasn't enough. I changed the
> "write" permission to "manage" and everything started working.
[...]
I read the slapd.access manual page, and could not get it:
--
The level access model relies on an incremental interpretation of the
access privileges. The possible levels are none, disclose, auth,
compare, search, read, write, and manage. Each access level implies all
the preceding ones, thus manage grants all access including
administrative access. The write access is actually the combination of
add and delete, which respectively restrict the write privilege to add
or delete the specified <what>.
--
"administrative access" is nowhere explained. So what does "manage" allow that "write" does not?
Regards,
Ulrich
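
The change Raul describes in the quoted text, written out as slapd.conf ACLs. This is an added example, not configuration posted in the thread; the `by anonymous auth` and `by * none` clauses are assumptions, and only the DN, the attribute list and the write-to-manage change come from the message.

```conf
# Added example. Clauses other than the syncrepluser line are assumed.

# Before: the chaining identity had "write" on the password policy
# attributes, which per the quoted post was not enough.
#access to attrs=userPassword,pwdFailureTime,pwdChangedTime,pwdHistory,pwdAccountLockedTime
#    by dn.exact="cn=syncrepluser,ou=security,dc=example,dc=com" write
#    by anonymous auth
#    by * none

# After: "manage" for that one DN, limited to these attributes.
access to attrs=userPassword,pwdFailureTime,pwdChangedTime,pwdHistory,pwdAccountLockedTime
    by dn.exact="cn=syncrepluser,ou=security,dc=example,dc=com" manage
    by anonymous auth
    by * none
```

Because each level implies all the preceding ones, the `manage` grant here is kept to a single `dn.exact` identity and an explicit `attrs=` list rather than applied to the whole database.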